These guidelines explain how the Operator processes requests from law enforcement agencies for customer data. The Operator respects user privacy while cooperating with lawful and properly served legal process.

These guidelines are intended to assist law enforcement officials in understanding what data is available from the Operator, the legal process required to obtain that data, and how to submit requests. Nothing in these guidelines creates any enforceable right or obligation beyond what is required by applicable law.

The Operator responds to the following legal instruments issued by authorized government agencies:

Subpoena (US) / Production Order (EU): Account registration information, payment records, IP assignment history.

Court Order: All subpoena-level data plus bandwidth usage logs, login timestamps, service configuration.

Search Warrant / Judicial Authorization: All court order-level data plus any additional data within the Operator's possession.

Emergency Disclosure Request: For situations involving imminent threat to life or serious physical injury — expedited processing without standard legal instruments.

The Operator will not respond to informal requests, verbal requests, or requests that lack proper legal authority. Each request is reviewed for legal sufficiency before any data is produced.

Upon receipt of a valid legal instrument, the following categories of data may be available for production:

Account information: Email address, display name, account creation date, last login timestamp.

Payment records: Transaction history, payment method type (not full card numbers), billing address on file.

IP assignment records: Which proxy IP addresses were assigned to the account, assignment dates and durations.

Bandwidth usage: Aggregate data transfer volumes per assigned IP address.

Login/session metadata: Login timestamps, approximate geographic location of login based on connecting IP address.

The specific data produced will correspond to the scope authorized by the legal instrument provided.

The following data is not collected as a standard practice by the Operator and therefore is typically not available for production in response to legal process:

• Traffic content — HTTP request/response bodies passing through the proxy infrastructure • Browsing history or destination URLs — The Operator does not log which websites customers visit • DNS queries — DNS queries made through proxies are not logged or stored • Credentials or authentication tokens in transit — Customer authentication data passing through the proxy is not intercepted or recorded • Content of communications — No inspection of data payloads occurs at any point

The Operator operates as a mere conduit and does not inspect or log customer traffic content as part of standard operations. The Operator's infrastructure is designed to minimize data collection consistent with the principle of data minimization.

All requests must be submitted in writing to: legal@hex.gg

Each request must include the following:

• Identity of the requesting agency (full agency name and jurisdiction) • Badge number or official identification of the requesting officer • Legal authority cited (statute, case number, court of issuance) • Specific data requested (as detailed as possible) • Relevant date range for the data sought • Contact information for the assigned officer or case agent

Requests should be as specific and narrowly tailored as possible to minimize scope and expedite processing. Overly broad or insufficiently specific requests may be challenged or returned for clarification.

The Operator will acknowledge receipt of properly submitted requests within a reasonable timeframe.

The Operator may notify affected users of law enforcement requests where permitted unless:

• A court order or gag order specifically prohibits notification • Notification would jeopardize an active investigation (as determined by the requesting agency and confirmed by applicable legal authority) • Notification would endanger any person

When notification restrictions expire, the Operator will promptly notify the affected user of the request, including the nature and scope of data produced.

The Operator may also delay notification where required by law or where the requesting agency provides a legally binding non-disclosure order. The Operator may seek to narrow non-disclosure orders that are overly broad or indefinite in duration.

In cases involving imminent threat to life or serious physical injury, the Operator will prioritize processing of disclosure requests.

Emergency response time: Emergency requests are reviewed as quickly as practicable during business hours (Monday through Friday, 9:00 AM to 6:00 PM ET).

How to submit: Send to legal@hex.gg with the subject line "EMERGENCY DISCLOSURE REQUEST". Include a detailed description of the emergency, the specific data needed, and how the data will help address the emergency.

Verification: The Operator reserves the right to verify the emergency through callback to the requesting agency's official switchboard number. This verification step is intended to prevent fraudulent emergency requests.

Emergency requests must still originate from an authorized government agency. The Operator will not process emergency requests from private parties.

For international law enforcement agencies seeking customer data:

Preferred channels: Requests should be submitted through Mutual Legal Assistance Treaties (MLAT) or other applicable international cooperation mechanisms established between the requesting country and the United States.

EU member states: Direct requests from EU member states are accepted if accompanied by a valid European Investigation Order (EIO) or equivalent judicial instrument recognized under applicable bilateral or multilateral agreements.

Data protection considerations: The Operator will consider applicable data protection laws (including GDPR, UK Data Protection Act, and other relevant frameworks) when responding to international requests. Where conflicts of law arise, the Operator will seek to resolve them in a manner that respects both the requesting jurisdiction's legitimate interests and the data subject's privacy rights.

Requests submitted in languages other than English should include a certified translation.

The Operator may publish aggregate statistics on law enforcement requests in periodic Transparency Reports.

Published statistics include: • Total number of requests received • Number of requests complied with (in full or in part) • Number of requests rejected or challenged • Number of emergency requests processed • Breakdown by legal instrument type (subpoena, court order, warrant, emergency) • Breakdown by jurisdiction (domestic vs. international)

The Transparency Report does not include information that would identify specific investigations, specific customers, or information subject to court-ordered non-disclosure.

The Operator is committed to providing meaningful transparency about law enforcement access to customer data while respecting legitimate law enforcement interests and applicable legal restrictions.

The Operator may preserve specified account records for up to 90 days upon receipt of a valid preservation request from an authorized government agency, where required by law.

Extension: One 90-day extension is available upon receipt of a renewed preservation request before the original preservation period expires.

Scope: Preservation does not require disclosure — a separate legal instrument of the appropriate type is required for production of preserved data. Preservation simply ensures that relevant records are not deleted during the normal course of business while the requesting agency obtains the necessary legal process.

Format: Preservation requests should identify the specific account(s) and data categories to be preserved, and should be submitted to legal@hex.gg with the subject line "PRESERVATION REQUEST."

The Operator will confirm receipt and compliance with preservation requests within a reasonable timeframe.